Suspicious emails claiming to be from AdWords
“Phishing” emails are tricky emails that appear to come from a particular person or organization, but aren't actually sent by that person or organization. These types of email messages are typically sent by online criminals or hackers who are trying to trick you into going to a fake website and entering your personal information or account details.
We'll tell you in the next sections how to figure out if a message really came from us, and what to do if you think it's a phishing email.
Google AdWords will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you get an email asking you to share this information, it's probably a phishing email.
Three ways to check if an email is from Google
- Check the email's message headers
- Check where the links are pointing
- Confirm that "https" links are pointing to "https" pages
You can check an email's message headers to find out more details about where that email came from. If Google sends you an email, the "From" address should contain "@google.com," and the "Return-Path" should also contain "@google.com."
Before clicking any links in the email, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into a text document or text field to see what that URL actually says. If the URL is taking you somewhere other than a page on "google.com," this URL might be taking you to a non-Google webpage.
If the links in the email start with "https," make sure that the actual web page you end up on also starts with "https." This "https" is a sign that the web page you're on is using a secure server. Any page that asks for your password, your billing information, or any other sensitive information should always have "https" in its URL.
What to do if you get a phishing email
If you think you've received a phishing email that's trying to trick you into sharing your password, credit card numbers, or other sensitive information, don't reply to the email itself. Instead, report the phishing email to us immediately, and we'll let you know if Google actually sent it or not.
If you think someone has broken into your AdWords account, fill out our account security form, and we'll look into it as soon as possible.